I have been reading various pages on how to set up the network for Xen. Unfortunately, none of them actually have a full example config. They clearly show what the xenbr0 section should look like, but not how you should change the eth0 after mentioning:

Note! The IP configuration of the bridge device should replace the IP configuration of the underlying interface, i.e. remove the IP settings from eth0 and move them to the bridge interface. eth0 will function purely as the physical uplink from the bridge so it can't have any IP (L3) settings on it!

I have tried many configurations that all fail (after running /etc/init.d/networking restart, there is no normal network access and I can't ssh in or out).

Perhaps that is correct and I just need to set up some iptables forwarding rules?
I tried running the command sudo iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT but I received an error message that --physdev-is-bridged is not a recognized option.

The debug output of restarting the network gives the following output:

2 Answers

In the end I ended up just creating an interface and forwarding packets over it with some iptables rules, which seems to be working for me. This does NOT use the 'bridge' option that all the tutorials seem to suggest so I don't know if there is a fatal flaw?

Then you need to make sure that the script is called by the rc.local file:

sudo vi /etc/rc.local

Add the following line:

/bin/sh <path-to-script-you-just-created-here>

Then reboot to make all the settings take effect.

As you may notice, I set it so that the virtual machines use a 192.168.2.x address subnet whilst the outside LAN is on 10.x.x.x, which is probably different from what most people will want so you will have to edit these to your own personal needs.

Update
Later I realized that a lack of bridging meant that I couldn't access my virtual machines from outside the network (i.e. I couldn't directly ssh into them from home, or run a website off of them etc).

Define eth0 first, without setting a gateway and IP. (Otherwise you will have "RTNETLINK answers: File exists" errors when the system attempts to create a route for the interface, since the bridge will attempt to create a route with the same priority and gateway and it's not smart enough to realize that they're identical anyways.)

When done, reboot. Otherwise, since you have been changing eth0 but not setting a new IP, your bridge may not come up properly, even if you use the ifup command/restart networking. This is because eth0 can accidentally keep its IP address.

Finally, configure your guest OS's network interfaces as if it were any other physical host on your network. (With example 1, you could use 192.168.1.11.) At this point, other devices on your network should be able to reach the guest.

ping 192.168.1.11

No iptables or IP forwarding (sysctl.conf) is necessary. STP is needed only if your network supports STP and you need to avoid Layer 2 network loops, and you don't want to handle that manually. (i.e. Small networks won't need bridge_stp, bridge_fd or bridge_maxwait.)
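A check for the bridged layout described above, as an added example that is not part of the original answers: it parses Debian ifupdown text and reports when the bridge's uplink still carries IP settings, the condition that leads to the "RTNETLINK answers: File exists" error. It assumes the `/etc/network/interfaces` format with the bridge-utils `bridge_ports` option; the function names, the 192.168.1.x addresses and the sample configs are constructed for illustration.

```python
L3_KEYS = {"address", "netmask", "gateway"}  # settings that belong on the bridge

def parse_interfaces(text):
    """Parse ifupdown stanzas into {iface: {"method": str, "options": dict}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3], "options": {}})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords end the previous stanza
        elif current is not None:
            current["options"][words[0]] = " ".join(words[1:])
    return stanzas

def check_bridge(text, bridge="xenbr0"):
    """Return a list of problems; an empty list means the layout is consistent."""
    stanzas = parse_interfaces(text)
    if bridge not in stanzas:
        return [f"{bridge}: no iface stanza"]
    ports = stanzas[bridge]["options"].get("bridge_ports", "").split()
    problems = [] if ports and ports != ["none"] else [f"{bridge}: no uplink in bridge_ports"]
    for port in ports:
        stanza = stanzas.get(port)
        if stanza is None:
            continue  # port has no stanza of its own, so it carries no IP settings
        if stanza["method"] != "manual":
            problems.append(f"{port}: method {stanza['method']!r} should be 'manual'")
        for key in sorted(L3_KEYS.intersection(stanza["options"])):
            problems.append(f"{port}: move {key!r} to {bridge}")
    return problems

# Constructed sample: the bridge stanza, holding the host's IP settings.
BRIDGE = """\
auto xenbr0
iface xenbr0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
    bridge_ports eth0
"""
# Constructed failing layout: eth0 still has its own address and gateway.
BROKEN = "auto eth0\niface eth0 inet static\n    address 192.168.1.10\n    gateway 192.168.1.1\n" + BRIDGE
# Constructed working layout: eth0 is a bare uplink with no L3 settings.
FIXED = "auto eth0\niface eth0 inet manual\n" + BRIDGE

if __name__ == "__main__":
    print(check_bridge(BROKEN), check_bridge(FIXED))
```

Running it against a copy of the file before restarting networking shows whether eth0 would still try to install its own route.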